$i++; } } else { echo '<div id="no-comments" class="round"><img src="./stuff/img/icons/information.png" alt="" /> ' . $lang['comm_msg_post_no_comments'] . '</div>'; } } else { include './stuff/inc/mn-start.php'; define('MN_LOGGED', true); $auth = user_auth('3'); if (isset($_GET['action']) && $_GET['action'] == 'reply' && file_exists($dir['comments'] . 'comments_' . $_GET['post'] . '.php')) { $admin_tmpl['comment_reply'] = true; } elseif (isset($_POST['action']) && $_POST['action'] == 'reply' && isset($_POST['c_text']) && !empty($_POST['c_text']) && file_exists($dir['comments'] . 'comments_' . $_POST['post'] . '.php')) { $c_content = file_get_contents($dir['comments'] . 'comments_' . $_POST['post'] . '.php'); $c_id = trim(file_get_contents($file['id_comments'])); $user = get_values('users', $_SESSION['mn_user_id']); $c_content .= $c_id . DELIMITER . mn_time() . DELIMITER . $_POST['post'] . DELIMITER . '1' . DELIMITER . $_SESSION['mn_user_id'] . DELIMITER . $user['username'] . DELIMITER . $user['email'] . DELIMITER . $user['www'] . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . $_SERVER['REMOTE_ADDR'] . DELIMITER . gethostbyaddr($_SERVER['REMOTE_ADDR']) . DELIMITER . $_SERVER['HTTP_USER_AGENT'] . DELIMITER . check_comment_text($_POST['c_text']) . "\n"; if (mn_put_contents($file['id_comments'], $c_id + 1)) { if (mn_put_contents($dir['comments'] . 'comments_' . $_POST['post'] . '.php', $c_content)) { header('location: ./mn-comments.php?back=added'); exit; } else { overall_header($lang['comm_comments'], $lang['comm_msg_put_contents_error'], 'error'); } } else { overall_header($lang['comm_comments'], $lang['comm_msg_put_contents_error'], 'error'); } } elseif (isset($_GET['action']) && ($_GET['action'] == 'delete' || $_GET['action'] == 'edit') && isset($_GET['post']) && isset($_GET['id'])) { $c_file = file($dir['comments'] . 'comments_' . $_GET['post'] . '.php'); array_shift($c_file); if ($auth == 2) { $post = get_post_data($_GET['post']);
$user_tmpl = isset($mn_tmpl) && file_exists(MN_ROOT . $dir['templates'] . $mn_tmpl . '_13.html') ? $mn_tmpl : DEFAULT_TMPL; $user_result = user_tmpl($_GET['mn_user'], $user_tmpl . '_13', $mn_url); echo encoding($user_result); echo '<!-- Powered by MNews: www.mnewscms.com -->'; } elseif (file_exists(MN_ROOT . $file['posts'])) { # read posts file $p_file = file(MN_ROOT . $file['posts']); $posts = array(); array_shift($p_file); $p_file = mn_natcasesort($p_file); $p_file = array_reverse($p_file, true); # put posts to arrays - one array for IDs, one for timestamps foreach ($p_file as $p_line) { $post = get_values('posts', $p_line, false); # we want only actuall and approved posts if ($post['timestamp'] > mn_time()) { continue; } elseif (!isset($mn_author) && $post['status'] != '1') { continue; } elseif (isset($mn_author) && $post['status'] > '2') { continue; } else { # check other settings if (!empty($mn_cat) && !in_array($post['cat'], $mn_cats)) { continue; } if (isset($_GET['mn_archive']) && !empty($_GET['mn_archive']) && $_GET['mn_archive'] != date('Y-m', $post['timestamp'])) { continue; } if (isset($mn_author) && !empty($mn_author) && $mn_author != $post['author']) { continue;
} } move_uploaded_file($_FILES['file']['tmp_name'], $target_file); $files_file = file($file['files']); $files_file_lines = ''; foreach ($files_file as $single_line) { $file_data = explode(DELIMITER, $single_line); if (substr($file_data[0], 0, 2) == '<?') { $auto_increment_id = trim($file_data[1]); } else { $files_file_lines .= $single_line; } } $file_size = filesize($target_file); $files_file_content = SAFETY_LINE . DELIMITER . ($auto_increment_id + 1) . "\n" . $files_file_lines; $files_file_content .= $auto_increment_id . DELIMITER . $clean_file_name . DELIMITER . $clean_file_ext . DELIMITER . $file_size . DELIMITER . mn_time() . DELIMITER . $file_dir . DELIMITER . '' . DELIMITER . '' . DELIMITER . $_SESSION['mn_user_id'] . DELIMITER . $file_gallery . DELIMITER . $file_folder . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . "\n"; mn_put_contents($file['files'], $files_file_content); if ($multiupload && !isset($_GET['mce'])) { echo '<tr class="highlight"> <td><input type="checkbox" name="files[]" value="' . $auto_increment_id . '" class="checkbox" checked="checked" /></td> <td class="cell-icon"><img src="./stuff/img/icons/file-' . $ext_img[strtolower($clean_file_ext)] . '.png" alt="" title="' . $clean_file_ext . '" class="tooltip" width="16" height="16" /></td> <td><a href="' . $target_file . '" class="main-link">' . $clean_file_name . '<span class="ext">.' . $clean_file_ext . '</span></a><br /> <span class="links hide"> <a href="./mn-files.php?action=edit&id=' . $auto_increment_id . '">' . $lang['uni_edit'] . '</a> | <a href="./mn-files.php?action=delete&id=' . $auto_increment_id . '" class="fancy">' . $lang['uni_delete'] . '</a> </span> </td> <td>' . get_file_size($file_size, 2, false) . '</td> <td>' . $lang['files_dir_' . $file_dir] . '</td> <td>' . $_SESSION['mn_user_name'] . '</td> <td>' . date('d.m.Y') . '<br /><span class="trivial">' . date('H:i') . '</span></td>
$u_lines = ''; $add_user = true; foreach ($users_file as $single_line) { $u_data = explode(DELIMITER, $single_line); if (substr($u_data[0], 0, 2) == '<?') { $u_id = trim($u_data[1]); } elseif (trim(strtolower($_POST['username'])) == trim(strtolower($u_data[1])) || trim(strtolower($_POST['email'])) == trim(strtolower($u_data[3]))) { $add_user = false; } else { $u_lines .= $single_line; } } if ($add_user === true) { $u_content = SAFETY_LINE . DELIMITER . ($u_id + 1) . "\n"; $u_content .= $u_lines; $u_content .= $u_id . DELIMITER . $_POST['username'] . DELIMITER . sha1($_POST['pass1']) . DELIMITER . $_POST['email'] . DELIMITER . $_POST['group'] . DELIMITER . '1' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . mn_time() . DELIMITER . '-' . DELIMITER . '0' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . "\n"; if (mn_put_contents($file['users'], $u_content)) { header('location: ./mn-users.php?back=added'); exit; } else { overall_header($lang['users_add_new_user'], $lang['users_msg_put_contents_error'], 'error'); } } else { overall_header($lang['users_add_new_user'], $lang['users_msg_already_exists'], 'error'); } } else { overall_header($lang['users_add_new_user'], $lang['users_msg_passwords_not_same'], 'error'); } } else { overall_header($lang['users_add_new_user'], $lang['users_msg_email_check'], 'error'); }
// xFields if (isset($_POST['x_fields']) && file_exists(MN_ROOT . $file['xfields'])) { $xfields = get_unserialized_array('xfields'); $post_xfields = array(); foreach ($xfields as $xVar => $x) { if ($x['section'] != 'pages') { continue; } else { $post_xfields[$xVar] = check_text($_POST['x' . $xVar], true, 'xf'); } } $xfields_serialized = serialize($post_xfields); } else { $xfields_serialized = ''; } $p_content = SAFETY_LINE . "\n" . DELIMITER . $_POST['id'] . DELIMITER . mn_time() . DELIMITER . check_text($_POST['title']) . DELIMITER . friendly_url($_POST['title']) . DELIMITER . $var['author'] . DELIMITER . $_POST['visible'] . DELIMITER . $p_order . DELIMITER . $p_pass . DELIMITER . '' . DELIMITER . $xfields_serialized . DELIMITER . "\n" . check_text($_POST['text']); if (mn_put_contents($dir['pages'] . 'page_' . $_POST['id'] . '.php', $p_content)) { header('location: ./mn-pages.php?action=edit&id=' . $_POST['id'] . '&back=edited'); exit; } else { overall_header($lang['pages_edit_page'] . ' » ' . $var['title'], $lang['pages_msg_put_contents_error'], 'error', true); } } else { $var['title'] = check_text($_POST['title']); $var['text'] = check_text($_POST['text']); $var['id'] = check_text($_POST['id']); overall_header($lang['pages_edit_page'] . ' » ' . $var['title'], $lang['pages_msg_empty_values'], 'error', true); $admin_tmpl['form'] = true; } } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && file_exists($dir['pages'] . 'page_' . $_GET['id'] . '.php')) { $var = get_page_data($_GET['id']);
$u_lines = ''; $action['add_user'] = true; foreach ($u_file as $single_line) { $u_data = explode(DELIMITER, $single_line); if (substr($u_data[0], 0, 2) == '<?') { $u_id = trim($u_data[1]); } elseif (trim(strtolower($_POST['username'])) == trim(strtolower($u_data[1])) || trim(strtolower($_POST['email'])) == trim(strtolower($u_data[3]))) { $action['add_user'] = false; } else { $u_lines .= $single_line; } } if ($action['add_user'] === true) { $u_content = SAFETY_LINE . DELIMITER . ($u_id + 1) . "\n"; $u_content .= $u_lines; $u_content .= $u_id . DELIMITER . $_POST['username'] . DELIMITER . sha1($_POST['pass1']) . DELIMITER . $_POST['email'] . DELIMITER . $conf['users_default_group'] . DELIMITER . '1' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . mn_time() . DELIMITER . $_SERVER['REMOTE_ADDR'] . DELIMITER . '0' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . "\n"; if (mn_put_contents($file['users'], $u_content)) { if (isset($_POST['redir'])) { header('location: ' . $_POST['redir']); exit; } else { header('location: ./mn-login.php?back=regdone'); exit; } } else { $error_msg = $lang['users_msg_put_contents_error']; } } else { $error_msg = $lang['users_msg_already_exists_short']; } } else {
if (isset($_GET['t']) && !empty($_GET['t']) && !in_array($_GET['t'], $temp_var['tags_array'])) { continue; } if (isset($_GET['q']) && strlen($_GET['q']) > 2 && !preg_match('/[!?\'$&\\/()=%*:;,.@\\"#~|_+{}<>]/i', $_GET['q'])) { $post_content = file_get_contents(MN_ROOT . $dir['posts'] . 'post_' . $temp_var['post_id'] . '.php'); if (stripos($post_content, $_GET['q']) === false) { continue; } } $var = get_post_data($temp_var['post_id']); $approve_button = $auth == 1 && $var['status'] == 4 ? ' · <form action="./mn-posts.php" method="post" id="approve_' . $var['id'] . '"><span class="simurl" onclick="$(\'form:#approve_' . $var['id'] . '\').submit();">' . $lang['uni_approve'] . '</span><input type="hidden" name="id" value="' . $var['id'] . '" /><input type="hidden" name="action" value="approve" /></form>' : ''; $comments_count = get_comments_count($var['id']); $comments_s = $var['comments'] == 1 && $conf['comments'] ? '' : ' off'; $comments = $comments_count > 0 ? '<!-- ' . $comments_count . ' --><a href="./mn-comments.php?p=' . $var['id'] . '" class="comment-link' . $comments_s . '">' . $comments_count . '</a>' : '<!-- 0 --><span class="trivial' . $comments_s . '">0</span>'; $author = !empty($users[$var['author']]) ? $users[$var['author']] : '<!-- anonym --><span class="trivial">' . $lang['posts_author_anonym'] . '</span>'; $status = $var['timestamp'] > mn_time() && ($var['status'] == 1 || $var['status'] == 2) ? '<span class="status_6">' . $lang['posts_future_post'] . '</span>' : '<span class="status_' . $var['status'] . '">' . $lang['posts_status_name_' . $var['status']] . '</span>'; $datetime = $var['timestamp'] == 9999999999 || empty($var['timestamp']) ? '<span class="trivial">-</span>' : date('d.m.Y', $var['timestamp']) . '<br /><span class="trivial">' . date('H:i', $var['timestamp']) . '</span>'; $var['title'] = mb_strlen($var['title']) > 38 ? '<span title="' . $var['title'] . '">' . mb_substr($var['title'], 0, 36, 'utf-8') . 
'…</span>' : $var['title']; if ($var['cat'] == '-1') { $category_name = '<!-- uncategorized --><span class="trivial">' . $lang['cats_uncategorized'] . '</span>'; } elseif (empty($categories[$var['cat']])) { $category_name = '<!-- unknown --><span class="trivial">' . $lang['cats_unknown_category'] . '</span>'; } else { $category_name = $categories[$var['cat']]; } if (isset($conf['web_url']) && !empty($conf['web_url']) && substr_count($conf['web_url'], 'http://') == 1) { $show_web = ' (<a href="' . generate_url($conf['web_url']) . 'mn_post=' . $var['id'] . '" title="' . $lang['posts_show_post_web'] . '">»</a>)'; } else { $show_web = ''; } $posts_result .= '<tr>
/**
 * Collect one timestamp per calendar month that contains a published post.
 *
 * Reads the posts index at MN_ROOT . $file['posts'], drops its first line
 * (presumably the header/safety line - confirm against the file format), and
 * keeps only entries whose status loosely equals '1' and whose timestamp is
 * not later than mn_time().
 *
 * @return array|null Map of post timestamp => 'Y-m' string, ordered by
 *                    timestamp ascending, keeping only the earliest timestamp
 *                    of each distinct month; null when the posts index file
 *                    does not exist.
 */
function get_unique_timestamps() {
    global $file;

    $index_path = MN_ROOT . $file['posts'];
    if (!file_exists($index_path)) {
        return null;
    }

    $rows = file($index_path);
    array_shift($rows);
    $rows = mn_natcasesort($rows);
    $rows = array_reverse($rows, true);

    $months = array();
    foreach ($rows as $row) {
        $entry = get_values('posts', $row, false);
        // mn_time() is only consulted for entries that pass the status check.
        if ($entry['status'] == '1' && !($entry['timestamp'] > mn_time())) {
            $months[$entry['timestamp']] = date('Y-m', $entry['timestamp']);
        }
    }

    // Sort by timestamp first so array_unique() retains the earliest key of each month.
    ksort($months);

    return array_unique($months);
}